Cyber disaster response: development of simulation exercises

Registration

Opened,

13 Nov 2025

15 Mar 2026

Event dates

08 Jun 2026

11 Jun 2026

Location

Global or multi-regional

Port Louis
Mauritius

Training topics

Cybersecurity

Training type

Face to Face

Languages

English

Coordinators

Ghazi Mabrouk
Manish Lobin

Course level

Intermediate

Duration

26 hours

Event email contact

mlobin@cert.govmu.org

$0.00

Event organizer(s)

Supported by

Description

This 3.5-day training course provides essential steps and guidelines for designing effective cybersecurity exercises, focusing on the practical aspects of cybersecurity. During the course, participants will learn how to define objectives, choose appropriate approaches, create realistic scenarios, establish rules, select relevant metrics, and capture valuable lessons.

The program also emphasizes developing cyber disaster response simulations, enhancing participants' ability to foster collaboration between the public and private sector entities. By the end of the course, participants will gain a deeper understanding of cyber-attacks and strategies for protecting and defending critical information infrastructures. These skills will enable them to better plan, implement, and follow up on cyber disaster responses.

With generous support from the Global Gateway initiative of the European Union, participation in this training programme is free of charge for selected applicants. This includes accommodation, meals, and other planned learning activities during the training. Participants or their organizations are responsible for covering their travel expenses and visa application costs for Mauritius if needed.

Target population

This training is intended for policymakers, ICT regulators and government officials such as Information Security Officers, Security Managers, Network Engineers and System Administrators.

The maximum number of participants in this training is limited to 25 participants.

Entry requirements

Members of the above-mentioned target population are invited to apply for the training if they meet the following criteria:

Hold an undergraduate degree in a relevant field or have a minimum of three years of experience in incident response, network security, information system security and system administration if they do not hold a university degree.
Possess a fluent level of English.
Complete the application questionnaire and attach an up-to-date CV, a recommendation letter from their employer, and a motivation letter.

Government officials and policymakers from developing countries, particularly women, are encouraged to apply. Selection will be conducted by the course organizers, who will consider the above entry requirements along with an analysis of the application questionnaire and the recommendation/motivation letter of each applicant.

Learning objectives

Upon completing the training, participants will be able to:

Develop incident response and crisis management plans
Design a cyber security simulation exercise
Execute table-top exercises (TTX) and live simulations
Develop effective communication plans for an effective interaction with all actors during crisis.

Methodology

The training will include presentations by subject matter experts, analysis of examples and real-life case studies, as well as group exercises followed by instructor feedback. Cyber simulation scenarios based on cyber threats such as advanced persistent threats (APTs), AI-based threats, phishing, ransomware, among others, will be conducted.

Assessment and grading

Grading matrix:

Active participation: 10%
Group exercise & presentation 1: 20%
Group exercise & presentation 2: 20%
Group exercise (simulation exercise) 3: 20%
Final exam: 30%

A total score of 70% or higher is required to obtain the ITU certificate. Please note that full attendance throughout the training is mandatory for certification.

Training details and instructional approach

Day 1 – Monday, 8 June 2026

10:00-11:00: Principles of Cyber Incident Response

Cybersecurity preparedness
Cyber incident response plan
Learning outcomes:
- Formulate the key components of incident response plan development
- Outline key actions for the coordination of a cyber response
- Execute an incident response plan

11:00-12:30: Classwork and discussion on the principles of cyber incident response

Describe the theoretical and practical dimensions of cyber incident response, including analysis, coordination, and mitigation strategies

13:30-14:30: Introduction to Cyber Simulation Exercises

Introduction to simulation exercises
Benefits of simulation exercises
Types of exercises
Exercise planning
Learning outcomes:
- Recognize the basis of a simulation exercise
- Insights into the different types of exercises and when to have them
- Familiarity with the different stages of the exercise planning process

14:30-15:00: Developing Realistic Cyber Scenarios

Design components and development of scenarios
Learning outcomes:
- Formulate requirements for developing cyber exercises (scope, objective, etc.)
- Writing of scenarios
- Scenario progress and injects finalization
- Scenario hosting requirements

15:15-16:15: Exercise, group presentation and debrief session

Integrate and apply concepts of exercise preparation, planning, and scenario design to develop coherent and effective cyber exercises

Day 2 – Tuesday, 9 June 2026

09:00-10:00: Conducting Table-Top Exercises

Implementation of table-top scenarios
Learning outcomes:
- Plan and implement effective tabletop exercises
- Elaborate actions for containing attacks and recovering from them
- Enhance communication and decision-making process in the event of a real cyber-attack

10:30-11:30: Classwork and discussion on the development of cyber scenarios

Develop scenarios, to include key principles, structures, and methodologies for creating effective cyber exercise scenarios

13:00-14:00: Implementation of Practical (Hands-On) Scenarios

Infrastructure requirements
Preparation of simulation environment
Learning outcomes:
- Prepare the configuration of a simulation environment, including network architecture, exercise platforms, and participant roles, to support realistic cyber exercises

14:30-16:00: Exercise, group presentation and debrief session

Reinforce and integrate the concepts covered on the design and implementation of tabletop and live simulation exercises through applied discussion and reflection

Day 3 – Wednesday, 10 June 2026

09:00-10:00: Running a Live Simulation

Example of the implementation of a simulation exercise
Learning outcomes:
- Analyze the practical implementation of a simulation exercise to apply key operational steps and coordination processes

11:15-12:00: Post-exercise Evaluation and Lessons Learned

Review the results of cyber simulation exercises
Extract key lessons from exercises conducted

13:00-14:30: Exercise and debrief session

Explore how technical simulation exercises are designed and conducted while stepping into the role of an incident responder to investigate what went wrong

Day 4 – Thursday, 11 June 2025

09:30-10:30: Exam - one-hour, individual multiple-choice quiz on the topics covered
10:30-10:45: Course evaluation
11:00 – 12:30: Certificate award ceremony & closing

Tutors

Kaleem Ahmed USMANI

Selvana Naiken Gopalla

Mrs

Registration information

Document on registration information (English)

Unless specified otherwise, all ITU Academy training courses are open to all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female participants, and participants from developing countries. This includes least developed countries, small island developing states and landlocked developing countries.